Analysis

  • max time kernel
    150s
  • max time network
    133s
  • platform
    windows7_x64
  • resource
    win7-20241010-en
  • resource tags

    arch:x64, arch:x86, image:win7-20241010-en, locale:en-us, os:windows7-x64, system
  • submitted
    31/10/2024, 09:51

General

  • Target

    82a6b97353276e56c60d82b72e711392_JaffaCakes118.exe

  • Size

    38KB

  • MD5

    82a6b97353276e56c60d82b72e711392

  • SHA1

    2b374f39254ad3825fb31302c8f03c7f6e0874f9

  • SHA256

    153ee55f8c75c191240debb39292916a5a95046db45cea7d73a16c3e4b85c6a7

  • SHA512

    bb77fd6f0c373f150072be3826a00b4f90f68debcff97a71600a735e0f3a1724b6f1bb4a0a9674e290e9b8ea09a97f719b39cbb32636ce4e8d009c6cfa97d32d

  • SSDEEP

    768:0IUZK41V3AhyRc7t9pK1B96uUdS3iN8frFS6sWkJGadMvJFULsvq:hAbk8OFzTqbkJhAJ1q

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 5 IoCs
  • Adds Run key to start application 2 TTPs 1 IoCs
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
  • UPX packed file 3 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Drops file in Program Files directory 2 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
  • Modifies system certificate store 2 TTPs 2 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs
  • Suspicious use of WriteProcessMemory 7 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\82a6b97353276e56c60d82b72e711392_JaffaCakes118.exe
    "C:\Users\Admin\AppData\Local\Temp\82a6b97353276e56c60d82b72e711392_JaffaCakes118.exe"
    1⤵
    • Loads dropped DLL
    • Drops file in Program Files directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2360
    • C:\Program Files (x86)\lsass\lsass.exe
      "C:\Program Files (x86)\lsass\lsass.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Adds Run key to start application
      • Checks whether UAC is enabled
      • System Location Discovery: System Language Discovery
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Suspicious use of SetWindowsHookEx
      PID:2516

Network

        MITRE ATT&CK Enterprise v15

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          1c9010bd0b3b96135523b174f6a2c49b

          SHA1

          38214bece846cd5350612bdbf242d66bb9799d06

          SHA256

          8415ecc967e8fad302fdf35a55b75435a09a7c7516948b2a5e7896eff8283394

          SHA512

          dacd68d806ab466d923b7bf20f9a304d513cc9bbf398e2863f1c2cce2da0abd60cd9766d2b13d249c20e26548cc91de3ae3c1b6e75be23ae31483ac5351994f7

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          e8b8962c9601e23312fcfb4304752da1

          SHA1

          fd63a823f28d2bcbe5c7bb25f39bc1933b2dc4c2

          SHA256

          fe4be131f45ce1f2caebec26ef2b2c89e5372abb4d730c72f6adde12ff24c04c

          SHA512

          45218d7e2ea9b81ed9ba18835702368088e53f4703e8a106279c1b8139dfe2e614cc012caafe50b321f482fdf549f0f9876dfe8cda51d8b42111a5d9da219b10

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          99d5dc5228dad0b08ba86b01f6ec87e5

          SHA1

          78fed8e95784c7346cfbad3b24b808ef886656f8

          SHA256

          44abbf140f878af5cb4cc582f218b420c3ccc5f609905f7281ff23ca9052faf0

          SHA512

          4a58ae90d497158c15ce4b768adf27a0b4bb0bc32ae87ccb6ceeb9a205c06eddb9055c4a2a9a921ac36907dcf52bb742f367615a3894d9d2ff5d4e29ea30bb65

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          2b08ed6c0bd139239fac13393e9390f1

          SHA1

          27a74403d721613eb3075c538bded7f8158b5424

          SHA256

          1e291faf6b7e3b2c789adb04ed80bf747bda8f1668545301a01279595e247cff

          SHA512

          75caac254b1228d5827479f994e659226b7d948c2759664519f3dc77ecb855ac637a2e96fed6b1356812bfbf74ca2c55a067d012ba080a8c5937bc46b64bba28

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          997c07ad0a21fb326c02143a74029f2b

          SHA1

          15011644812f7b1aa9015bec5c59bbd09be3033f

          SHA256

          cf105f4d3d634157abf8e2a5fa70762396e579ffe3b206bd844781492dac16fa

          SHA512

          63313358d6d25239427f7f14b91750b8f477d5e4613d01d596c067539892240e127f3913bb206ef0168cfdd0de8d7b788d58c93b42c1544c2fb519d60f2b9048

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          eecf0a09590c3cda64cfb96a13bc8a59

          SHA1

          a356185b897173aa090ad1b9ec17b0b403d79835

          SHA256

          29ed483fb0c84fb18b1216c3218c8cebe318ebb7a71076ce10a3d7c5cb7341ac

          SHA512

          b9328c608ccd01ca837fc7a86ca0116502f84e021a438b595d604ba8fd22cb65b44f3e72da8c1847cba4034431d4d1c7c942b6f7389d7beb223df927586efac8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          8caa9ee1dfda099965c3fb93cedc1b26

          SHA1

          d872f6c4802549e1b589120d861b7022b784e924

          SHA256

          87200162920c162ce5b48b3d6882a51bbeb674297e48e770ad6bb1fca909d2c8

          SHA512

          c849a5e27114aeb7d2d86ed7b9abbddfca1cde2745f4b9650dcfd10db60c5edd111122f3c4642c35e26b3791a0c9cde3b57dc70040abf26fbc06b787f0a25ac8

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          5422fe3f0ed4baac434fdfc7945c2478

          SHA1

          aff99361776fd920933939d8c09b8cb5afab975d

          SHA256

          fea80261425949734acb243f0be4ae3f2b2776a627f002953f5396f56e502d7a

          SHA512

          8aa26e08fac9837df89bbd9b8da02a6ccf0d405fc02493eb3f7845bfb784c01dc1b151efc06479c13777010563f1b58cc4972b593945193e20b3325e9480c84b

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          8ec72fd8e4c845f40be70e7fcaff1398

          SHA1

          a88fab7768258031849b8e61607bcf2d3c8e7714

          SHA256

          123096996c2fcc1cb5042ee3cb50b7187913bbc074b60ef75a2f21fd01b5d2a8

          SHA512

          801441740602b6901374278c6dd122e8f3415a58620f8c568db3c5c20887c29428c65d83f69b09f0733a6b407c296b8e5fad2b1868d906a31ac1d4a5165762fa

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          00d86df7169a8742074bfa6702ca6064

          SHA1

          82e7f80a9e59466a61948c7a234e566ddf531b7c

          SHA256

          7f4a4efb0e1ec50a942985ef8060696859cf3b6061dd2ede70fcaee5934b5f25

          SHA512

          18d4c2fe3169649ecec3128357bf38eda5951774d45d5c8a435c68d320f26c57fcb40093977adf5d56f7c68e5a210dd09a07cef6cd29bcbbcb7be1de08c6e81a

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          595c53efd975181aeb151fbc5167284d

          SHA1

          652e1922f4c5b2b97759194947d3c002fe337835

          SHA256

          130bb0c22a8106cd6ba3cfc13c18dc1de06ad81f9d19c01c530f26bd7c7c1240

          SHA512

          a21e3c8822132bf108c5751f50ceffcb1a38b4cdb9e23a42097703dfc10a9addad6f5643cf3b1355854ecb24fa673346d19dca477269290b92e1ab042b260773

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          cee0e7f65bee247dc62b4ba4efcd9346

          SHA1

          8576eeb9335dbbdc65e7575e66bd7e9ccbc808eb

          SHA256

          13b8d9ed26b1d0d4bc31b67bc16d4f5a617951f70c6cc555cad90a7c36636566

          SHA512

          5b374f9bb26c25507a1b80e5d9341536983ced66e51da4ba514eb21e6f992782b548e090cfaf091adfe9794a91ace8ec2fe9d05fde6568d46178bddef7b5e6f1

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          59c9ca82fc6e930e44afe59472491ac5

          SHA1

          1897893476e4fcfceccfd0b6868d5790ed51889c

          SHA256

          e4ab99ed3327e8f93e1e18d5eab6cc3e1e5803eba763bd45ac9d368c71c4ad76

          SHA512

          661cd738919122d2d35771d54b38e36e4ca9c299e7eb78b15a4498459efe0259fe2bc15b771af58c3af8de933e6aeec58cf0ec777e0a77c87d6aa929639b58ef

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

          Filesize

          342B

          MD5

          b2750c77e4604a20fda4417fddba44cf

          SHA1

          5dd45f61ae1f143ceebc19d397a92d25689a6884

          SHA256

          6ddeed226f530a7502b9f61b92c949ad8f0bf15acb62b07a5889b2d5f5ccb799

          SHA512

          70eb7973aecf3c3341f800adc5337cc2faff9bc8de9dabe139933c3fd9cb1b42de692879f45fa1b28bdbfba048473e549930c78c63c479cd9f782d49013b8993

        • C:\Users\Admin\AppData\Local\Temp\CabF614.tmp

          Filesize

          70KB

          MD5

          49aebf8cbd62d92ac215b2923fb1b9f5

          SHA1

          1723be06719828dda65ad804298d0431f6aff976

          SHA256

          b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f

          SHA512

          bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b

        • C:\Users\Admin\AppData\Local\Temp\TarF6F1.tmp

          Filesize

          181KB

          MD5

          4ea6026cf93ec6338144661bf1202cd1

          SHA1

          a1dec9044f750ad887935a01430bf49322fbdcb7

          SHA256

          8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8

          SHA512

          6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b

        • \Program Files (x86)\lsass\lsass.exe

          Filesize

          9KB

          MD5

          0c41c7a0ba069b68031273098e18bebe

          SHA1

          12a6c0c7a762a2fc4834ca7de13781cadba7275c

          SHA256

          da474f9eef7b56fe824a09d95c19d1f6e254945e0a09ae041099473f1f83bb97

          SHA512

          9233445e8d7e268738844fd456154529442bd59369b6c89b014595a4eadc4c689e9a43b3f70de019fc498fc0fa4c4421407c68c54d9aa99a19f42aa32c0f96a1

        • memory/2516-8-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2516-198-0x0000000000020000-0x000000000002B000-memory.dmp

          Filesize

          44KB

        • memory/2516-14-0x0000000000020000-0x000000000002B000-memory.dmp

          Filesize

          44KB

        • memory/2516-13-0x0000000000020000-0x000000000002B000-memory.dmp

          Filesize

          44KB

        • memory/2516-79-0x0000000000400000-0x000000000040B000-memory.dmp

          Filesize

          44KB

        • memory/2516-199-0x0000000000020000-0x000000000002B000-memory.dmp

          Filesize

          44KB

        • memory/2516-197-0x0000000000020000-0x000000000002B000-memory.dmp

          Filesize

          44KB